refactor: suppression consul_token pipeline + restart always
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- Retire consul_token du pipeline (write-env + deploy) : Registrator gere le routage Fabio via labels SERVICE_* automatiquement - Supprime le bloc KV Fabio manuel dans le step deploy - Passe prestashop et db en restart: always - Ajoute /docs-sbom dans .gitignore Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1
.gitignore
vendored
@@ -1,3 +1,4 @@
|
|||||||
|
/docs-sbom
|
||||||
/docs-syoul
|
/docs-syoul
|
||||||
/docs-sonic
|
/docs-sonic
|
||||||
/plans
|
/plans
|
||||||
|
|||||||
@@ -38,7 +38,6 @@ steps:
|
|||||||
# Etape 3a : Ecriture du .env depuis les secrets
|
# Etape 3a : Ecriture du .env depuis les secrets
|
||||||
# NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
|
# NOTE: ne pas utiliser ${VAR} dans commands (bug Woodpecker next), utiliser env | grep
|
||||||
# NOTE: from_secret et volumes: incompatibles dans le meme step (bug Woodpecker next)
|
# NOTE: from_secret et volumes: incompatibles dans le meme step (bug Woodpecker next)
|
||||||
# -> consul_token ecrit dans .consul_token ici, lu dans deploy
|
|
||||||
- name: write-env
|
- name: write-env
|
||||||
image: alpine:3.20
|
image: alpine:3.20
|
||||||
environment:
|
environment:
|
||||||
@@ -54,20 +53,16 @@ steps:
|
|||||||
from_secret: db_root_password
|
from_secret: db_root_password
|
||||||
DB_PASSWORD:
|
DB_PASSWORD:
|
||||||
from_secret: db_password
|
from_secret: db_password
|
||||||
CONSUL_TOKEN:
|
|
||||||
from_secret: consul_token
|
|
||||||
commands:
|
commands:
|
||||||
- env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
|
- env | grep -E "^(PS_DOMAIN|PS_ADMIN_FOLDER|PRESTASHOP_ADMIN_EMAIL|PRESTASHOP_ADMIN_PASSWORD|DB_ROOT_PASSWORD|DB_PASSWORD)=" > .env.deploy
|
||||||
# COMPOSE_PROJECT_NAME : convention user-project-branch, genere depuis les vars CI
|
# COMPOSE_PROJECT_NAME : convention user-project-branch, genere depuis les vars CI
|
||||||
- OWNER=$(echo "$CI_REPO_OWNER" | tr 'A-Z' 'a-z') && REPO=$(echo "$CI_REPO_NAME" | tr 'A-Z' 'a-z') && BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-') && echo "COMPOSE_PROJECT_NAME=$OWNER-$REPO-$BRANCH" >> .env.deploy
|
- OWNER=$(echo "$CI_REPO_OWNER" | tr 'A-Z' 'a-z') && REPO=$(echo "$CI_REPO_NAME" | tr 'A-Z' 'a-z') && BRANCH=$(echo "$CI_COMMIT_BRANCH" | tr 'A-Z/' 'a-z-') && echo "COMPOSE_PROJECT_NAME=$OWNER-$REPO-$BRANCH" >> .env.deploy
|
||||||
# consul_token ecrit seul (depuis from_secret, sans volumes)
|
|
||||||
- env | grep '^CONSUL_TOKEN=' | cut -d= -f2 > .consul_token
|
|
||||||
- echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
|
- echo "Fichier .env.deploy cree ($(wc -c < .env.deploy) octets)"
|
||||||
|
|
||||||
# Etape 3b : Deploiement sur sonic via Docker socket
|
# Etape 3b : Deploiement sur sonic via Docker socket
|
||||||
# Modele pipeline sonic : deploy Docker Compose + cert TLS (acme.sh)
|
# Modele pipeline sonic : deploy Docker Compose + cert TLS (acme.sh)
|
||||||
# Registrator enregistre automatiquement le container dans Consul via les labels SERVICE_*
|
# Registrator enregistre automatiquement le container dans Consul via les labels SERVICE_*
|
||||||
# Consul valide le service via SERVICE_80_CHECK_HTTP -> Fabio route le trafic automatiquement
|
# et publie les routes dans Fabio sans intervention manuelle
|
||||||
- name: deploy
|
- name: deploy
|
||||||
image: docker:27-cli
|
image: docker:27-cli
|
||||||
volumes:
|
volumes:
|
||||||
@@ -75,14 +70,12 @@ steps:
|
|||||||
- /opt/prestashop:/opt/prestashop
|
- /opt/prestashop:/opt/prestashop
|
||||||
commands:
|
commands:
|
||||||
- cp .env.deploy /opt/prestashop/.env
|
- cp .env.deploy /opt/prestashop/.env
|
||||||
- cp .consul_token /opt/prestashop/.consul_token
|
- chmod 600 /opt/prestashop/.env
|
||||||
- chmod 600 /opt/prestashop/.env /opt/prestashop/.consul_token
|
|
||||||
- cp docker-compose.yml /opt/prestashop/docker-compose.yml
|
- cp docker-compose.yml /opt/prestashop/docker-compose.yml
|
||||||
- cd /opt/prestashop && docker compose pull
|
- cd /opt/prestashop && docker compose pull
|
||||||
- cd /opt/prestashop && docker compose up -d --remove-orphans
|
- cd /opt/prestashop && docker compose up -d --remove-orphans
|
||||||
- cd /opt/prestashop && docker compose ps
|
- cd /opt/prestashop && docker compose ps
|
||||||
- |
|
- |
|
||||||
PROJECT=$(grep '^COMPOSE_PROJECT_NAME=' /opt/prestashop/.env | cut -d= -f2)
|
|
||||||
DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2)
|
DOMAIN=$(grep '^PS_DOMAIN=' /opt/prestashop/.env | cut -d= -f2)
|
||||||
|
|
||||||
# --- Certificat TLS (acme.sh via sonic-acme-1) ---
|
# --- Certificat TLS (acme.sh via sonic-acme-1) ---
|
||||||
@@ -105,16 +98,6 @@ steps:
|
|||||||
docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
|
docker exec sonic-acme-1 cp /etc/acme.sh/$DOMAIN/$DOMAIN.key /host/certs/$DOMAIN-key.pem
|
||||||
echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
|
echo "Cert TLS: /host/certs/$DOMAIN-cert.pem OK (acme exit $ACME_EXIT)"
|
||||||
|
|
||||||
# --- Mise a jour KV Fabio ---
|
|
||||||
# Sous-cle fabio/config/$PROJECT pour coexister avec les autres projets sans les ecraser
|
|
||||||
# IP relue apres docker compose up (nouvelle stack = nouvelle IP Docker)
|
|
||||||
CTOK=$(cat /opt/prestashop/.consul_token)
|
|
||||||
IP=$(docker inspect "$PROJECT-app" --format '{{(index .NetworkSettings.Networks "sonic").IPAddress}}')
|
|
||||||
ROUTES=$(printf 'route add %s %s/* http://%s:80/\nroute add %s %s:443/* http://%s:80/' \
|
|
||||||
"$PROJECT" "$DOMAIN" "$IP" "$PROJECT" "$DOMAIN" "$IP")
|
|
||||||
docker exec sonic-consul env CONSUL_HTTP_TOKEN="$CTOK" consul kv put "fabio/config/$PROJECT" "$ROUTES"
|
|
||||||
echo "KV Fabio: fabio/config/$PROJECT -> $IP:80"
|
|
||||||
|
|
||||||
# Etape 4 : Configuration post-deploiement (SSL, cache)
|
# Etape 4 : Configuration post-deploiement (SSL, cache)
|
||||||
# Attend la fin de l'installation PrestaShop (ps_configuration initialisee),
|
# Attend la fin de l'installation PrestaShop (ps_configuration initialisee),
|
||||||
# puis active SSL dans la DB (PrestaShop genere des URLs https:// grace a X-Forwarded-Proto:https de Fabio)
|
# puis active SSL dans la DB (PrestaShop genere des URLs https:// grace a X-Forwarded-Proto:https de Fabio)
|
||||||
|
|||||||
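Review bot: The deploy step no longer copies `.consul_token`, but nothing removes the `/opt/prestashop/.consul_token` that earlier runs wrote to the host volume, so the token presumably stays on disk after this commit. A one-time `- rm -f /opt/prestashop/.consul_token` next to the `cp .env.deploy` line would clear it. Since the pipeline no longer reads the `consul_token` secret, it should also be deleted from Woodpecker, and the Consul token revoked or rotated if nothing else uses it. In the same command list, `cp .env.deploy /opt/prestashop/.env` followed by `chmod 600` leaves the file with default permissions for a moment when it is first created; `install -m 600 .env.deploy /opt/prestashop/.env` sets the mode at creation. The deploy command list continues outside the visible hunks.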
@@ -6,7 +6,7 @@ services:
|
|||||||
prestashop:
|
prestashop:
|
||||||
image: prestashop/prestashop:8-apache
|
image: prestashop/prestashop:8-apache
|
||||||
container_name: ${COMPOSE_PROJECT_NAME:-syoul-prestashop-main}-app
|
container_name: ${COMPOSE_PROJECT_NAME:-syoul-prestashop-main}-app
|
||||||
restart: unless-stopped
|
restart: always
|
||||||
depends_on:
|
depends_on:
|
||||||
db:
|
db:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
@@ -45,7 +45,7 @@ services:
|
|||||||
db:
|
db:
|
||||||
image: mariadb:10.11
|
image: mariadb:10.11
|
||||||
container_name: ${COMPOSE_PROJECT_NAME:-syoul-prestashop-main}-db
|
container_name: ${COMPOSE_PROJECT_NAME:-syoul-prestashop-main}-db
|
||||||
restart: unless-stopped
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
|
MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
|
||||||
MYSQL_DATABASE: prestashop
|
MYSQL_DATABASE: prestashop
|
||||||
|
|||||||
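Review bot: With `restart: always` on both `prestashop` and `db`, a container that an operator stops by hand (maintenance, or containment during an incident) is started again when the Docker daemon or the host restarts, which `unless-stopped` did not do. If that is intended, a comment above each line would record it, e.g. `# always: also restarts after a manual stop once the daemon restarts`; otherwise keep `unless-stopped`. Both service definitions continue outside the hunks.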